package eu.emi.security.authn.x509.impl;

import eu.emi.security.authn.x509.helpers.CachedPEMReader;
import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.helpers.CharArrayPasswordFinder;
import eu.emi.security.authn.x509.helpers.FlexiblePEMReader;
import eu.emi.security.authn.x509.helpers.KeyStoreHelper;
import eu.emi.security.authn.x509.helpers.PKCS8DERReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.util.io.pem.PemGenerationException;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemObjectGenerator;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:eu/emi/security/authn/x509/impl/CertificateUtils.class */
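/**
 * Static helpers for loading and saving X.509 certificates, certificate chains, private keys
 * and PEM "keystores" (a private key plus its certificate chain in one PEM stream).
 *
 * <p>The loaders in this class only <em>parse</em> their input. Nothing here checks signatures,
 * validity periods or trust anchors, so a chain returned by these methods must still be
 * validated by the caller before it is relied on for authentication.
 *
 * <p>Password arguments are never cleared by this class; callers that care about key material
 * lingering in memory should wipe the {@code char[]} themselves once the call returns.
 */
public class CertificateUtils {
    /** Alias of the single key entry in the keystore built by {@link #loadPEMKeystore}. */
    public static final String DEFAULT_KEYSTORE_ALIAS = "default";

    /** Charset used for all PEM text read or written by this class. */
    public static final Charset ASCII = Charset.forName("US-ASCII");

    static {
        // Registered eagerly because savePrivateKey() asks for the provider by name.
        configureSecProvider();
    }

    /** On-disk encoding of a certificate or key. */
    public enum Encoding {
        PEM,
        DER
    }

    /** Registers the BouncyCastle JCE provider unless one is already installed under that name. */
    public static void configureSecProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Copies a generic certificate array into an {@code X509Certificate[]}.
     *
     * @param certificateArr certificates to convert; must not be {@code null}
     * @return a new array with the same elements in the same order
     * @throws ClassCastException if any element is not an {@link X509Certificate}
     */
    public static X509Certificate[] convertToX509Chain(Certificate[] certificateArr) throws ClassCastException {
        X509Certificate[] converted = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            converted[i] = (X509Certificate) certificateArr[i];
        }
        return converted;
    }

    /** Renders one certificate as text using an {@code X509Formatter} in the given mode. */
    public static String format(X509Certificate x509Certificate, FormatMode formatMode) {
        return new X509Formatter(formatMode).format(x509Certificate);
    }

    /** Renders a certificate chain as text using an {@code X509Formatter} in the given mode. */
    public static String format(X509Certificate[] x509CertificateArr, FormatMode formatMode) {
        return new X509Formatter(formatMode).format(x509CertificateArr);
    }

    /**
     * Loads exactly one certificate from the stream.
     *
     * @param inputStream source of the encoded certificate; not closed by this method
     * @param encoding    encoding of the input
     * @return the parsed certificate (parsed only, not validated)
     * @throws IOException if the input cannot be parsed or does not hold exactly one certificate
     */
    public static X509Certificate loadCertificate(InputStream inputStream, Encoding encoding) throws IOException {
        X509Certificate[] chain = loadCertificateChain(inputStream, encoding);
        if (chain.length == 0) {
            // Previously reported as "more than one certificate", which misled diagnosis.
            throw new IOException("The input does not contain any certificate");
        }
        if (chain.length > 1) {
            throw new IOException("The PEM contains more than one certificate");
        }
        return chain[0];
    }

    /**
     * Loads a private key from the stream.
     *
     * @param inputStream source of the encoded key; not closed by this method
     * @param encoding    encoding of the input; anything other than PEM is read as DER
     * @param cArr        password for an encrypted key, or {@code null} when none is supplied
     * @return the private key; for PEM input parsed as a key pair, its private half
     * @throws IOException if reading fails or the input does not yield a private key
     */
    public static PrivateKey loadPrivateKey(InputStream inputStream, Encoding encoding, char[] cArr) throws IOException {
        if (!encoding.equals(Encoding.PEM)) {
            return loadDERPrivateKey(inputStream, cArr);
        }
        FlexiblePEMReader reader = new FlexiblePEMReader(new InputStreamReader(inputStream, ASCII), passwordFinderFor(cArr));
        return extractPrivateKey(reader.readObject(), "The PEM", true);
    }

    /** Decodes an already-read PEM object as a private key, decrypting with {@code cArr} if given. */
    private static PrivateKey parsePEMPrivateKey(PemObject pemObject, char[] cArr) throws IOException {
        Object parsed = new CachedPEMReader(pemObject, passwordFinderFor(cArr)).readObject();
        return extractPrivateKey(parsed, "The PEM input", true);
    }

    /** Reads a DER private key through {@code PKCS8DERReader}; a key pair is not accepted here. */
    private static PrivateKey loadDERPrivateKey(InputStream inputStream, char[] cArr) throws IOException {
        Object parsed = new PKCS8DERReader(inputStream, passwordFinderFor(cArr)).readObject();
        return extractPrivateKey(parsed, "The DER input", false);
    }

    /** Wraps a password for the readers; {@code null} stays {@code null} (no password supplied). */
    private static CharArrayPasswordFinder passwordFinderFor(char[] password) {
        return password == null ? null : new CharArrayPasswordFinder(password);
    }

    /**
     * Narrows a reader result to a private key, failing with an {@link IOException} otherwise.
     * A {@code null} result is reported explicitly instead of surfacing as a
     * {@link NullPointerException} while building the error message.
     */
    private static PrivateKey extractPrivateKey(Object parsed, String source, boolean acceptKeyPair) throws IOException {
        if (parsed instanceof PrivateKey) {
            return (PrivateKey) parsed;
        }
        if (acceptKeyPair && parsed instanceof KeyPair) {
            return ((KeyPair) parsed).getPrivate();
        }
        if (parsed == null) {
            throw new IOException(source + " does not contain a private key, no object could be read from it");
        }
        throw new IOException(source + " does not contain a private key, it was parsed as " + parsed.getClass().getName());
    }

    /**
     * Loads every certificate found in the stream.
     *
     * <p>For PEM input each PEM object must be a certificate; their contents are concatenated
     * and then parsed as DER. The certificates are parsed only: order, signatures and trust
     * are not checked here.
     *
     * @param inputStream source of the encoded certificates; not closed by this method
     * @param encoding    encoding of the input; anything other than PEM is read as DER
     * @return the certificates in the order the DER reader returned them
     * @throws IOException if no PEM object is present, a non-certificate PEM object is found,
     *                     or parsing fails
     */
    public static X509Certificate[] loadCertificateChain(InputStream inputStream, Encoding encoding) throws IOException {
        if (!encoding.equals(Encoding.PEM)) {
            return loadDERCertificateChain(inputStream);
        }
        ByteArrayOutputStream der = new ByteArrayOutputStream(4096);
        FlexiblePEMReader reader = new FlexiblePEMReader(new InputStreamReader(inputStream, ASCII));
        boolean foundAny = false;
        PemObject pem;
        while ((pem = reader.readPemObject()) != null) {
            CertificateHelpers.PEMContentsType type = CertificateHelpers.getPEMType(pem.getType());
            if (!type.equals(CertificateHelpers.PEMContentsType.CERTIFICATE)) {
                throw new IOException("Expected PEM encoded certificate but found: " + type);
            }
            foundAny = true;
            der.write(pem.getContent());
        }
        if (!foundAny) {
            throw new IOException("PEM data not found in the stream and its end was reached");
        }
        return loadDERCertificateChain(new ByteArrayInputStream(der.toByteArray()));
    }

    /** Parses DER certificates from the stream and rejects any that is not X.509. */
    private static X509Certificate[] loadDERCertificateChain(InputStream inputStream) throws IOException {
        Collection<? extends Certificate> parsed = CertificateHelpers.readDERCertificates(inputStream);
        X509Certificate[] chain = new X509Certificate[parsed.size()];
        int index = 0;
        for (Certificate certificate : parsed) {
            if (!(certificate instanceof X509Certificate)) {
                throw new IOException("The PEM contains a certificate which is not a X.509Certificate, it is " + certificate.getClass().getName());
            }
            chain[index++] = (X509Certificate) certificate;
        }
        return chain;
    }

    /**
     * Builds an in-memory keystore from a PEM stream holding one private key and its certificates.
     *
     * <p>The key and the chain (ordered by {@code CertificateHelpers.sortChain}) are stored as a
     * single key entry under {@link #DEFAULT_KEYSTORE_ALIAS}. Nothing in this method checks that
     * the key matches the certificates or that the chain is trusted.
     *
     * @param inputStream PEM input; not closed by this method
     * @param cArr        password of the PEM private key, or {@code null} when none is supplied
     * @param cArr2       password protecting the key entry inside the returned keystore
     * @return a keystore obtained via {@code KeyStoreHelper.getInstance("JKS")} with one key entry
     * @throws IOException if the input holds no or several private keys, no certificate, an
     *                     unsupported PEM object, or the keystore cannot be set up
     */
    public static KeyStore loadPEMKeystore(InputStream inputStream, char[] cArr, char[] cArr2) throws IOException {
        PrivateKey privateKey = null;
        // NOTE(review): assumes CertificateHelpers.sortChain accepts a list of X509Certificate — confirm.
        ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>();
        FlexiblePEMReader reader = new FlexiblePEMReader(new InputStreamReader(inputStream, ASCII));
        PemObject pem;
        while ((pem = reader.readPemObject()) != null) {
            CertificateHelpers.PEMContentsType type = CertificateHelpers.getPEMType(pem.getType());
            boolean isKey = type.equals(CertificateHelpers.PEMContentsType.PRIVATE_KEY)
                    || type.equals(CertificateHelpers.PEMContentsType.LEGACY_OPENSSL_PRIVATE_KEY);
            if (isKey) {
                if (privateKey != null) {
                    throw new IOException("Multiple private keys were found");
                }
                privateKey = parsePEMPrivateKey(pem, cArr);
            } else if (type.equals(CertificateHelpers.PEMContentsType.CERTIFICATE)) {
                for (X509Certificate certificate : loadDERCertificateChain(new ByteArrayInputStream(pem.getContent()))) {
                    certificates.add(certificate);
                }
            } else {
                throw new IOException("Unsupported PEM object found in the input: " + type);
            }
        }

        // Fail with a precise message instead of letting the keystore reject a null key or an
        // empty chain (the latter surfaces as an unchecked exception from setKeyEntry).
        if (privateKey == null) {
            throw new IOException("Private key was not found in the PEM input");
        }
        if (certificates.isEmpty()) {
            throw new IOException("Certificates were not found in the PEM input");
        }

        Certificate[] sortedChain = CertificateHelpers.sortChain(certificates);
        try {
            KeyStore keyStore = KeyStoreHelper.getInstance("JKS");
            keyStore.load(null, null);
            keyStore.setKeyEntry(DEFAULT_KEYSTORE_ALIAS, privateKey, cArr2, sortedChain);
            return keyStore;
        } catch (KeyStoreException e) {
            throw new IOException("Can't setup the JKS keystore", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("Can't setup the JKS keystore", e);
        } catch (CertificateException e) {
            throw new IOException("Can't setup the JKS keystore", e);
        }
    }

    /**
     * Writes one certificate to the stream. The stream is flushed but left open.
     *
     * @throws IOException if writing fails or the certificate cannot be DER-encoded
     */
    public static void saveCertificate(OutputStream outputStream, X509Certificate x509Certificate, Encoding encoding) throws IOException {
        if (encoding.equals(Encoding.PEM)) {
            // The writer is deliberately not closed: closing it would close the caller's stream.
            PEMWriter writer = new PEMWriter(new OutputStreamWriter(outputStream, ASCII));
            writer.writeObject(x509Certificate);
            writer.flush();
            return;
        }
        byte[] der;
        try {
            der = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new IOException("Can't encode the certificate into ASN.1 DER format", e);
        }
        outputStream.write(der);
        outputStream.flush();
    }

    /**
     * Writes a private key to the stream, optionally encrypted. The stream is flushed but left open.
     *
     * <p><strong>When {@code str} is {@code null} the key is written unencrypted.</strong> The
     * caller is then solely responsible for protecting the destination (for a file, restrictive
     * permissions set before the key is written).
     *
     * @param outputStream destination; not closed by this method
     * @param privateKey   key to write
     * @param encoding     output encoding; anything other than PEM is written as DER
     * @param str          encryption algorithm handed to {@code PKCS8Generator}, or {@code null}
     *                     to write the key in the clear
     * @param cArr         encryption password; required whenever {@code str} is not {@code null}
     * @throws IOException              if writing or key generation fails
     * @throws IllegalArgumentException if the algorithm is unknown, or encryption was requested
     *                                  without a password
     */
    public static void savePrivateKey(OutputStream outputStream, PrivateKey privateKey, Encoding encoding, String str, char[] cArr) throws IOException, IllegalArgumentException {
        boolean encrypt = str != null;
        if (encrypt && cArr == null) {
            // Refuse rather than hand a null password to the generator: the caller asked for an
            // encrypted key and must not end up with one protected by no real secret.
            throw new IllegalArgumentException("A password is required when an encryption algorithm is given");
        }

        PKCS8Generator generator;
        if (encrypt) {
            try {
                generator = new PKCS8Generator(privateKey, str, BouncyCastleProvider.PROVIDER_NAME);
                generator.setPassword(cArr);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalArgumentException("Unknown encryption algorithm " + str, e);
            } catch (NoSuchProviderException e) {
                throw new RuntimeException("UPS! Default provider is not known!", e);
            }
        } else {
            generator = new PKCS8Generator(privateKey);
        }

        if (encoding.equals(Encoding.PEM)) {
            // Not closed on purpose, see saveCertificate().
            PemWriter writer = new PemWriter(new OutputStreamWriter(outputStream, ASCII));
            writer.writeObject(generator);
            writer.flush();
            return;
        }
        byte[] der = encrypt ? generator.generate().getContent() : privateKey.getEncoded();
        outputStream.write(der);
        outputStream.flush();
    }

    /**
     * Writes a certificate chain to the stream. The stream is flushed but left open.
     *
     * <p>All certificates are encoded before anything is written, so an encoding failure leaves
     * the stream untouched. DER output is the encodings back to back. PEM output is a single
     * {@code CERTIFICATE} object whose body is those same bytes concatenated.
     *
     * <p>NOTE(review): the loaders in this class read such a multi-certificate PEM object back,
     * but other PEM consumers may expect one PEM object per certificate — confirm before relying
     * on this output for interoperability.
     *
     * @throws IOException if a certificate cannot be encoded or writing fails
     */
    public static void saveCertificateChain(OutputStream outputStream, X509Certificate[] x509CertificateArr, Encoding encoding) throws IOException {
        // One DER encoding per certificate; the decompiled source declared this as byte[],
        // which cannot hold the arrays returned by getEncoded().
        byte[][] encodedCertificates = new byte[x509CertificateArr.length][];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                encodedCertificates[i] = x509CertificateArr[i].getEncoded();
            } catch (CertificateEncodingException e) {
                throw new IOException("Can't encode the certificate into ASN1 DER format", e);
            }
        }

        if (!encoding.equals(Encoding.PEM)) {
            for (byte[] encoded : encodedCertificates) {
                outputStream.write(encoded);
            }
            outputStream.flush();
            return;
        }

        ByteArrayOutputStream joined = new ByteArrayOutputStream();
        for (byte[] encoded : encodedCertificates) {
            joined.write(encoded);
        }
        final byte[] pemBody = joined.toByteArray();

        // Not closed on purpose, see saveCertificate().
        PemWriter writer = new PemWriter(new OutputStreamWriter(outputStream, ASCII));
        writer.writeObject(new PemObjectGenerator() {
            @Override
            public PemObject generate() throws PemGenerationException {
                return new PemObject("CERTIFICATE", pemBody);
            }
        });
        writer.flush();
    }

    /**
     * Exports one key entry of a keystore as PEM: the private key first, then its chain.
     *
     * <p>The chain is fetched and converted before any byte is written, so a failure there does
     * not leave a stream that holds only the private key. As with {@link #savePrivateKey}, a
     * {@code null} {@code str2} writes the private key unencrypted.
     *
     * @param outputStream destination; not closed by this method
     * @param keyStore     keystore to read from
     * @param str          alias of the key entry to export
     * @param str2         encryption algorithm for the exported key, or {@code null} for none
     * @param cArr         password of the key entry inside {@code keyStore}
     * @param cArr2        password used to encrypt the exported key
     * @throws IllegalArgumentException if the alias has no key or holds a secret key
     */
    public static void savePEMKeystore(OutputStream outputStream, KeyStore keyStore, String str, String str2, char[] cArr, char[] cArr2) throws IOException, KeyStoreException, IllegalArgumentException, UnrecoverableKeyException, NoSuchAlgorithmException {
        Key key = keyStore.getKey(str, cArr);
        if (key == null) {
            throw new IllegalArgumentException("The specified alias does not correspond to any key entry");
        }
        if (!(key instanceof PrivateKey)) {
            throw new IllegalArgumentException("The alias corresponds to a secret key, not to the private key");
        }
        X509Certificate[] chain = convertToX509Chain(keyStore.getCertificateChain(str));
        savePrivateKey(outputStream, (PrivateKey) key, Encoding.PEM, str2, cArr2);
        saveCertificateChain(outputStream, chain, Encoding.PEM);
    }
}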
